Creating an Event Source via a Reg File

If you have ever tried to write to the event log without an event source already created for that application, you will have seen an exception saying, roughly, that you do not have permission to create the event source.

If an event source does not exist, it is created automatically. Creating an event source is a privileged operation that requires elevated (a.k.a. admin) privileges, which of course might not always be possible when running a web application.

The easiest way to create this event source is via a reg file. An example is below (credit goes to my colleague Dominic for providing me with the original sample).

Note: you need all the lines below, including the “Windows Registry Editor Version 5.00” header.

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\YOUR-APPLICATION-NAME-GOES-HERE]
"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
  00,53,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,\
  4e,00,45,00,54,00,5c,00,46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,72,00,6b,\
  00,5c,00,76,00,32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,5c,00,\
  45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,4d,00,65,00,73,00,73,00,61,\
  00,67,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00
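The hex(2) value in the reg file above is an opaque blob, so it is worth decoding before importing anything into HKLM. The following is an added example, not part of the original post: it decodes the value to the DLL path it registers and rebuilds an equivalent reg file for a given source name. The function names, the `MyWebApp` placeholder, the wrap width and the source-name check are assumptions of this example.

```python
import re

# The EventMessageFile value exactly as it appears in the reg file on this page.
PAGE_VALUE = r'''"EventMessageFile"=hex(2):43,00,3a,00,5c,00,57,00,49,00,4e,00,44,00,4f,00,57,\
  00,53,00,5c,00,4d,00,69,00,63,00,72,00,6f,00,73,00,6f,00,66,00,74,00,2e,00,\
  4e,00,45,00,54,00,5c,00,46,00,72,00,61,00,6d,00,65,00,77,00,6f,00,72,00,6b,\
  00,5c,00,76,00,32,00,2e,00,30,00,2e,00,35,00,30,00,37,00,32,00,37,00,5c,00,\
  45,00,76,00,65,00,6e,00,74,00,4c,00,6f,00,67,00,4d,00,65,00,73,00,73,00,61,\
  00,67,00,65,00,73,00,2e,00,64,00,6c,00,6c,00,00,00'''

KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application"

def decode_hex2(entry: str) -> str:
    """Return the string stored in a hex(2) (REG_EXPAND_SZ) entry:
    comma-separated bytes of a NUL-terminated UTF-16LE string."""
    _, sep, data = entry.partition("hex(2):")
    if not sep:
        raise ValueError("not a hex(2) value")
    data = re.sub(r"[\\\s]", "", data)  # drop line continuations and whitespace
    raw = bytes(int(b, 16) for b in data.split(",") if b)
    if len(raw) % 2 or not raw.endswith(b"\x00\x00"):
        raise ValueError("hex(2) data must be NUL-terminated UTF-16LE")
    return raw[:-2].decode("utf-16-le")

def encode_hex2(name: str, value: str, per_line: int = 24) -> str:
    """Encode value as a hex(2) entry, wrapped with '\\' continuations."""
    raw = (value + "\x00").encode("utf-16-le")
    cells = [f"{b:02x}" for b in raw]
    rows = [",".join(cells[i:i + per_line]) for i in range(0, len(cells), per_line)]
    return f'"{name}"=hex(2):' + ",\\\n  ".join(rows)

def build_reg(source: str, message_dll: str) -> str:
    """Build a reg file that registers `source` under the Application log."""
    if not source or re.search(r"[\\\r\n\[\]]", source):  # conservative check (assumption)
        raise ValueError("source name must be a single registry key name")
    return ("Windows Registry Editor Version 5.00\n\n"
            f"[{KEY}\\{source}]\n"
            + encode_hex2("EventMessageFile", message_dll) + "\n")

if __name__ == "__main__":
    path = decode_hex2(PAGE_VALUE)
    print(path)                         # the DLL path the page's blob registers
    print(build_reg("MyWebApp", path))  # "MyWebApp" is a placeholder source name
```

Check that the decoded path exists on the target machine before importing; the message DLL location depends on the installed .NET Framework version.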

Published by

Amit Bahree
